This invention relates in general to credentials and, more specifically, to hardening a credential at the point of presentment.
Credentials are used to authenticate persons and equipment in electronic systems. For example, a credential could be formed by encrypting a payload to form a cryptogram. Presentment of the cryptogram allows the receiving entity to decrypt it and check the recovered payload against the known payload. If the recovered payload matches the known payload, the credential is authentic and, presumably, so is the person or equipment at the point of presentment. A copy of the cryptogram, or of the payload and key, allows others to impersonate the true owner of the credential, because nothing in a static cryptogram binds it to the party presenting it or to the occasion of presentment.
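The following is an added example, not part of the original specification, illustrating the cryptogram-style credential described above and the weakness the passage identifies. The issuer and verifier share a key (a constructed demo key), the issuer encrypts the known payload with AES-256-GCM to form the cryptogram, and the verifier decrypts and compares. The example then shows that a byte-for-byte copy of the cryptogram verifies exactly like the original: the check authenticates the cryptogram, not the presenter. Function names, the payload text and the key are assumptions for illustration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"io"
)

// MakeCryptogram encrypts payload under the shared key with AES-256-GCM and
// returns nonce||ciphertext||tag. This is the "cryptogram" the credential
// holder presents; nothing in it identifies who is presenting it or when.
func MakeCryptogram(key, payload []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	// Seal appends ciphertext and tag after the nonce so one blob is presented.
	return aead.Seal(nonce, nonce, payload, nil), nil
}

// VerifyCryptogram decrypts the presented cryptogram with the same shared key
// and compares the recovered payload against the payload the verifier expects.
// It returns false on a wrong key, a tampered cryptogram, or a payload mismatch.
func VerifyCryptogram(key, knownPayload, cryptogram []byte) bool {
	block, err := aes.NewCipher(key)
	if err != nil {
		return false
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return false
	}
	if len(cryptogram) < aead.NonceSize() {
		return false
	}
	nonce, ct := cryptogram[:aead.NonceSize()], cryptogram[aead.NonceSize():]
	recovered, err := aead.Open(nil, nonce, ct, nil)
	if err != nil {
		return false // authentication tag failed: tampered or wrong key
	}
	return bytes.Equal(recovered, knownPayload)
}

func main() {
	key := bytes.Repeat([]byte{0x42}, 32)  // constructed demo key, never use a fixed key in practice
	payload := []byte("acct:demo-0001")   // constructed known payload
	cg, err := MakeCryptogram(key, payload)
	if err != nil {
		panic(err)
	}
	fmt.Println("genuine presentment verifies:", VerifyCryptogram(key, payload, cg))
	// An attacker who copied the cryptogram in transit presents the same bytes.
	stolen := append([]byte(nil), cg...)
	fmt.Println("replayed copy verifies:      ", VerifyCryptogram(key, payload, stolen))
}
```

The verifier cannot tell the two presentments apart, which is why the rest of the specification is concerned with binding the credential to the point of presentment rather than relying on possession of the cryptogram alone.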
A credential can be protected using signatures or other cryptographic techniques. A credential can be successively signed or encrypted by multiple parties to authenticate a chain of those parties. Verifying the encryption or signatures confirms an audit trail for the payload through the chain.
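As an added example that is not part of the original specification, the following shows one way to realise the chain of signatures described above with Ed25519. Each party signs the payload together with every earlier signature, so a later endorsement also commits to the chain before it; the verifier replays the chain in order against the expected sequence of signers. Party names, the `Link` structure and the transcript layout are assumptions for illustration, and the payload is constructed.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Link is one party's endorsement in the chain: the signer's public key and
// that party's signature over the transcript at the time it signed.
type Link struct {
	Signer    ed25519.PublicKey
	Signature []byte
}

// NewParty generates a fresh Ed25519 key pair for one party in the chain.
func NewParty() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// transcript is what the n-th party signs: the payload followed by every
// earlier signature, so each endorsement commits to the chain preceding it.
func transcript(payload []byte, prior []Link) []byte {
	msg := append([]byte(nil), payload...)
	for _, l := range prior {
		msg = append(msg, l.Signature...)
	}
	return msg
}

// Endorse appends this party's signature over the payload and all prior links.
func Endorse(priv ed25519.PrivateKey, payload []byte, chain []Link) []Link {
	sig := ed25519.Sign(priv, transcript(payload, chain))
	pub := priv.Public().(ed25519.PublicKey)
	return append(chain, Link{Signer: pub, Signature: sig})
}

// VerifyChain walks the chain in order, checking that link i was made by the
// i-th expected signer and that its signature covers the payload plus links
// 0..i-1. A missing, reordered or forged link therefore fails at or after the
// point where the chain was altered.
func VerifyChain(payload []byte, expected []ed25519.PublicKey, chain []Link) bool {
	if len(chain) != len(expected) {
		return false
	}
	for i, l := range chain {
		if !bytes.Equal(l.Signer, expected[i]) {
			return false
		}
		if !ed25519.Verify(l.Signer, transcript(payload, chain[:i]), l.Signature) {
			return false
		}
	}
	return true
}

func main() {
	payload := []byte("credential-payload-demo") // constructed payload
	pubA, privA := NewParty()                   // e.g. issuer
	pubB, privB := NewParty()                   // e.g. intermediary
	pubC, privC := NewParty()                   // e.g. relying party
	var chain []Link
	chain = Endorse(privA, payload, chain)
	chain = Endorse(privB, payload, chain)
	chain = Endorse(privC, payload, chain)
	order := []ed25519.PublicKey{pubA, pubB, pubC}
	fmt.Println("audit trail A->B->C verifies:", VerifyChain(payload, order, chain))
	reordered := []Link{chain[1], chain[0], chain[2]}
	fmt.Println("reordered chain verifies:    ",
		VerifyChain(payload, []ed25519.PublicKey{pubB, pubA, pubC}, reordered))
}
```

Signing over the accumulated transcript rather than over the bare payload is what turns a set of independent signatures into an audit trail: the order of the parties, and the fact that each one saw the endorsements before it, become part of what is verified.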
Hardware and/or software is often used at the point of presentment to store a credential or to generate one. Those skilled in the art trust hardware more than software when dealing with credentials: there are robust techniques to protect against hardware tampering, whereas software is generally seen as more vulnerable to attackers. Hardware is also problematic because of the expense of deploying it in large systems. For example, providing authentication hardware to every user of the Internet as the point of presentment is impractical.
Credit cards are often used to purchase items over the Internet. The user enters information printed on the card into a computer terminal, and in many cases this information is passed to the merchant over a secure channel. The merchant checks the provided information and charges the account. Possession of the card information by attackers is a ubiquitous source of fraud, because authentication is often presumed for anyone who possesses the card information.
In the appended figures, similar components and/or features may have the same reference label. Further, various components of the same type may be distinguished by following the reference label by a dash and a second label that distinguishes among the similar components. If only the first reference label is used in the specification, the description is applicable to any one of the similar components having the same first reference label irrespective of the second reference label.